"All theses issues can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. * CVE-2022-46340/ZDI-CAN-19265: X.Org Server XTestSwapFakeInput stack overflow The swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue does not affect systems where client and server use the same byte order. * CVE-2022-46341/ZDI-CAN-19381: X.Org Server XIPassiveUngrab out-of-bounds access The handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. * CVE-2022-46342/ZDI-CAN-19400: X.Org Server XvdiSelectVideoNotify use-after-free The handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. * CVE-2022-46343/ZDI-CAN-19404: X.Org Server ScreenSaverSetAttributes use-after-free The handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. * CVE-2022-46344/ZDI-CAN-19405: X.Org Server XIChangeProperty out-of-bounds access The handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. * CVE-2022-46283/ZDI-CAN-19530: X.Org Server XkbGetKbdByName use-after-free The XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests." Please bump to 21.1.5. Not sure if these can affect xwayland, feel free to remove from summary if not.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b40b8b2be51f4b8bf43e2e5d506c169318c468f commit 4b40b8b2be51f4b8bf43e2e5d506c169318c468f Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2022-12-14 02:50:58 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2022-12-14 02:57:26 +0000 x11-base/xorg-server: Version bump to 21.1.5 Bug: https://bugs.gentoo.org/885825 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-base/xorg-server/Manifest | 1 + x11-base/xorg-server/xorg-server-21.1.5.ebuild | 195 +++++++++++++++++++++++++ 2 files changed, 196 insertions(+)
Thanks! Please stabilize when ready
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f5c3d27c0245db858a1a2f36e63433d5dfb91ad commit 3f5c3d27c0245db858a1a2f36e63433d5dfb91ad Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2022-12-14 03:15:34 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2022-12-14 03:15:36 +0000 x11-base/xwayland: Version bump to 22.1.6 Bug: https://bugs.gentoo.org/885825 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-base/xwayland/Manifest | 1 + x11-base/xwayland/xwayland-22.1.6.ebuild | 100 +++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+)
Adjusting this CVE, apparent typo in the advisory
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8268a113aaddf90933c676cf0fe88e49e5b26302 commit 8268a113aaddf90933c676cf0fe88e49e5b26302 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2023-01-03 15:31:50 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2023-01-03 15:55:30 +0000 x11-base/xwayland: Drop old versions Bug: https://bugs.gentoo.org/877459 Bug: https://bugs.gentoo.org/885825 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-base/xwayland/Manifest | 2 - x11-base/xwayland/xwayland-22.1.5.ebuild | 100 ------------------------------- x11-base/xwayland/xwayland-22.1.6.ebuild | 100 ------------------------------- 3 files changed, 202 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2770505a4547a8f25b82b690236f655dc3a2eee0 commit 2770505a4547a8f25b82b690236f655dc3a2eee0 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2023-01-03 15:31:47 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2023-01-03 15:55:29 +0000 x11-base/xorg-server: Drop old versions Bug: https://bugs.gentoo.org/877459 Bug: https://bugs.gentoo.org/885825 Signed-off-by: Matt Turner <mattst88@gentoo.org> x11-base/xorg-server/Manifest | 2 - x11-base/xorg-server/xorg-server-21.1.4-r1.ebuild | 195 ---------------------- x11-base/xorg-server/xorg-server-21.1.4.ebuild | 190 --------------------- x11-base/xorg-server/xorg-server-21.1.5.ebuild | 195 ---------------------- 4 files changed, 582 deletions(-)
Thanks!
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f91a69c129c65b48c349fa74cf96eb46e176c139 commit f91a69c129c65b48c349fa74cf96eb46e176c139 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-30 02:54:51 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-30 02:56:36 +0000 [ GLSA 202305-30 ] X.Org X server, XWayland: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/829208 Bug: https://bugs.gentoo.org/877459 Bug: https://bugs.gentoo.org/885825 Bug: https://bugs.gentoo.org/893438 Bug: https://bugs.gentoo.org/903547 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202305-30.xml | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+)
GLSA released, all done!
